The advent of a new presidential administration typically marks a transition period and adjustment of focus across the government. This sentiment is especially pronounced in 2021 with changes in IT, threat activity and the Defense Department’s focus on defining its “new normal” work environment as COVID-19 vaccine distribution becomes widespread and public health concerns slowly abate. The COVID-19 pandemic showcased government offices’ critical need to plan for continuity of operations, contingencies and secure telework beyond just the occasional snow days.
After an unprecedented 10 months of extensive telework by government employees and the rise in hybrid modes of delivering citizen services, it is evident that securing remote access is not just last year’s problem but instead will be an ongoing priority for all government agencies.
Defense officials lauded employees’ productivity during the pandemic-driven shift to remote work. The DISA director, Navy Vice Adm. Nancy A. Norton, confirmed that the DoD did not merely survive the pivot to telework; its workforce thrived. According to Norton, remote work capabilities helped senior officials develop and strengthen mutual trust with their workforce.
As a result, the DoD is contemplating new ways to adapt more jobs for remote work. Most recently, the agency published guidelines for extending maximum telework capabilities through June 2021. The defense workforce, as well as the workplace, is on the verge of becoming hybrid.
While some government organizations may fully return operations to their physical offices, many are likely to create hybrid work environments. Some employees will return to the office full time, while others remain primarily remote or adopt patterns where most employees split their time between locations.
Hybrid digital activities will have significant implications for the structure and flexibility of IT services and networks because defense offices will need to provide IT services at any time and any place to support their workforce and constituents — and to do so securely. As the DoD contemplates making changes to its network infrastructure and security posture to support these hybrid work models, defense IT leaders will have to manage an environment that’s part face-to-face and part virtual for citizens and employees alike.
In addition to a hybrid workforce, the increasing digitization of the defense workforce means more offices will utilize internet-connected operational technology (OT) in their workplace. OT allows agencies to use hardware and software to monitor and control physical processes, devices and infrastructure across hundreds of thousands of platforms, including brick-and-mortar buildings and mobile platforms.
This internet-connected OT creates a complex environment of interdependent functions and vectors that provides fertile ground for malicious actors to exploit. Recent events like the highly publicized SolarWinds hack have displayed how federal networks can be the target of cyberattacks and the depths to which cyber adversaries will go to infiltrate government networks.
Hybrid government activity fosters hybrid threats
Threat actors are increasingly mounting hybridized or blended threats to attack government networks. For instance, due to increased online government services, agencies are likely to face more distributed denial-of-service (DDoS) attacks, where attackers flood a server with internet traffic to prevent users from accessing connected government online services and sites. Since many organizations have developed plans to deal with large DDoS attacks, threat actors are increasingly resorting to launching multiple smaller attacks simultaneously to stay below the threshold that would trigger an automated mitigation response.
Threat actors could time spear phishing campaigns to coincide with launching such DDoS attacks, gambling that network defenders and system users may be distracted by the highly visible DDoS and miss a successful spear phishing incursion. Threat actors can enhance the effectiveness of such spear phishing attacks by using artificial intelligence and machine learning technology to learn and mimic a co-opted sender’s specific style and syntax. This tactic increases the likelihood that each targeted receiver might accept the malicious email as genuine.
Ransomware also remains a significant, growing problem for government networks and users. Ransomware is becoming more capable, as seen in the rise of hybridized, multipart malware compiled from the functions and models of existing high-performing malware components. For instance, cyber adversaries might combine one package’s initial infection tool, another’s capability for lateral expansion inside a target network and a third’s encryption algorithm to design a “digital Frankenstein,” created from best-of-breed parts.
Security for hybrid IT environments
To ensure secure hybrid work and optimized digital services in the face of such threats, defense IT leaders must bolster networks and services to handle both routine and extraordinary activities that might affect the continuity of operations. To protect DoD networks against increasingly complex attacks and gain needed operational flexibility, defense offices need to accelerate migration to cloud-based services and implement them securely in a multicloud environment. It is often too easy to end up with inconsistent policies and controls in different public cloud environments — and inconsistency can produce gaps that result in vulnerabilities.
With the continuation of telework by a large portion of the DoD workforce, the department risks operating under conditions in which it lacks visibility into and control over remote users’ IT environments. Defense IT offices can deploy zero trust network access, which offers identity management and access control and SSL inspection to minimize the consequences of a successful compromise of the endpoint environment. The agency can also harness secure solutions for software-defined networking, like SD-WAN and SD-Branch, for the most efficient, cost-effective cybersecurity across all edges on a distributed network, not just remote teleworkers.
Hybrid work patterns and digital citizen services are both likely to continue to grow in importance for the foreseeable future, making them targets for increasingly innovative and sophisticated threats. The DoD must be ready to provide the full gamut of secure networking and connectivity across its IT environments to enable a secure digital frontline and sufficient access for both defense employees and the defense community at large.
Jim Richberg is public sector field CISO at Fortinet. He formerly served as the national intelligence manager for cyber in the Office of the Director of National Intelligence, where he set national cyber intelligence priorities.